Microsoft warned on Tuesday of a Windows vulnerability that could allow an attacker to take control of a computer if the user is logged on with administrative rights.

To be successful, an attacker would have to send an email with an attached Microsoft Word or PowerPoint file containing a specially crafted thumbnail image and convince the recipient to open it, Microsoft said in its advisory, which also contains information on workarounds.

An attacker also could place the malicious image file on a network share and potential victims would have to browse to the location in Windows Explorer.